Trying to find useful things to do with emerging technologies in open education and data journalism

The Curse of Our Time – Tracking, Tracking Everywhere

You probably can’t help but have noticed (in the EU at least), that website operators seem keen to gain your permission to pop “cookies” into your browser. Cookies are tiny computer files that a website can use to store information about you on your own computer. To prevent nasty people doing nasty things, the security policies operated by your browser try to ensure that only websites that write a cookie can read them back.

Because of the way that web pages are constructed, it might well be that third parties appear to write cookies to your computer when you land on a particular website from that website, but that isn’t the case. Instead, web page publishers allows other sites to write cookies to your browser by including third party scripts in their pages. For example, reading the ITV cookie policy, I notice that they declare that third party advertising services may deploy cookies when you visit the ITV website. In this case, those third parties will almost certainly use the cookie as part of a recipe that records the fact that you went to the ITV website. If the same third party is used by Channel 4, that third party will be able to add information to the cookie it set when you visited the ITV website so that it knows you visited both those sites.

If enough people adopt a particular third party service, that service may be able to pick up quite a good idea about the range of sites you visit. Google’s various ad’n’analytics services in principle allow it to track you across a wide range of sites, because those services are so widely used, though the extent to which Google does or does not fuse data from the cookies associated with those various services may be moot…

The model is crudely this: when you visit a web site, the publisher alerts the advertisers that someone has landed on the webpage. Through various cookie machinations, the publisher (and/or the advertiser) may be able to identify you, or certain things about you, from the various cookies on your machine. The advertisers decide what you’re worth and bid to place the advert. The publisher accepts a bid from one of the advertisers and pops the ad into the page you’re visiting. Sort of. (The publisher in this case is more likely to be an ad marketplace/broker, rather than the webpage publisher.)

So that was new to me – realtime bidding. The world’s gone mad. Anyway. As a result of that, I suddenly appreciated the creepy bit in the image above, in step 4: “advertisers choose to buy 3rd party data optionally”. That is, advertisers – in real time – may buy cookie mediated information about people who are in the process of loading a particular web page – in order to work out a bid price for placing an ad within that page to present to that person. Personal advertising, in real time. If data from other (non-web) sources can be added into the mix, perhaps because someone has been uniquely identified, then presumably all the better… for example.

To help create a better picture of the person who is actually opening up a web page, and to piece together all those fractional bits of information that separate web domains can place into your browser through cookies they – and only they – can read and write – “cookie matching” services, such as the cookie matching service run by Google’s DoubleClick Ad Exchange provide a means by which various parties can pool together, or sell between each other, what they know about an individual from the cookies they have independently set on that individual’s webpage. (For a description of one recipe for matching cookies, see SSP to DSP Cookie-Synching Explained.)

I guess I knew this happened anyway (it’s part of the basis for ad retargeting – aka ads that follow you round the web), but I hadn’t realised quite how sharey-sharey, selly-selly and real time it all was.

So we’re being tracked and info about us being sold in real-time as we traipse around the web. But we know that anyway, and we don’t seem to let it bother us.

…because as well as ANPR systems operated by the police, ANPR is widely used by private companies (though I’m not sure about the extent to which they do, or may be obliged to, share their logs or data collection facilities with the police?) For an idea of what sorts of ANPR “solutions” are available, here’s a list of approved car parking operators with some handy metadata that shows whether they use ANPR or not.

Camera surveillance is just not limited to ANPR systems of course, as any precinct bench loitering yoofs will be able to tell you. Just what is and isn’t deemed acceptable generally is described by the recent (August 2013) surveillance camera code of practice (press release).

Hey ho – it’s got me wondering now what other pieces of the panopticon are already in place?

Thanks for that Andy – will take a look. It’s really easy to come across as paranoid putting together posts like this, but it really is a drip, drip, and the potential for JOINs gets ever easier… But then, maybe universal tracking is not a bad thing…?! Hmmm…. Gulp…